Kurt Meyer, chief risk officer of Swissgrid, the Swiss national electricity transmission system operator, reflects on the risk management system he installed after the deregulation and liberalization of the European energy market. With 41 connections to other European networks, a failure in Swissgrid's network could interrupt the supply of electricity in Switzerland and much of Europe. Meyer describes the periodic interactive risk workshops conducted at each business unit to identify, assess, and mitigate risks. Executive Risk Workshops of the CEO and the company's leadership team discuss the business units' risk profiles and risks that cut across the units, such as safety, weather, and regulatory changes. New and emerging risks are discussed at Extraordinary Risk Workshops. Meyer recently deployed an app on employees' smartphones for them to easily report anomalies or concerns. Reports from the app are embedded in a new real-time crisis management platform used by several Swiss companies, federal authorities, and the Swiss Army. Despite a full array of risk management tools and processes, Meyer remains concerned about risks yet to be identified.
The Kursk, a Russian nuclear-powered submarine sank in the relatively shallow waters of the Barents Sea in August 2000, during a naval exercise. Numerous survivors were reported to be awaiting rescue, and within a week, an international rescue party gathered at the scene, which had possessed between them all that was needed for a successful rescue. Yet they failed to save anybody. Based on the recollections and daily situational reports of Commodore David Russell, who headed the Royal Navy's rescue mission, the case explores how and why this failure-a classic coordination failure-occurred. The Kursk rescue mission also illustrates the challenges of pluralistic risk and disaster management, and asks students to consider how to bring about solutions in the face of pluralistic risk issues, such as the depletion of natural resources and many other disasters, when multiple parties with competing and often conflicting values and expertise have to learn to coordinate and establish a virtual, well-aligned organization.
This brief follow-up complements the case on The LEGO Group: Stepping Up in Asia (9-113-054), and discusses the aftermath of the scenario planning session, in which LEGO managers contemplated the risks of their new Asian strategy. The scenario planning exercise played a role in managers' realization that the Group could not simply "copy-paste" its existing operating model across the diversity of Asian markets. LEGO invested significantly in Asia throughout 2012-2013 in order to adapt its playbook to the anticipated challenges. The case also describes how, in 2013, scenario planning became part of the business-planning process at the LEGO Group. It allows students to understand the difference between a tailored scenario planning exercise, and the tenuous future-gazing processes that generally fail to get traction among business managers.
In theory, the risk management groups of two British banks--Saxon and Anglo--had the same influence in their organizations. But in practice, they did not: Saxon's was engaged in critical work throughout the bank, while Anglo's had little visibility outside its areas of expertise. In their study of these two financial institutions, the authors identified four competencies--trailblazing, toolmaking, teamwork, and translation--that help functional leaders or groups compete for top management's limited attention and increase their impact. Anglo's risk managers were strong in only some of the competencies, but Saxon's were strong in all four. They consistently scanned the internal and external environment for important issues to which they could apply a risk management perspective (trailblazing) and then developed tools--such as quarterly risk reports--that spread their expertise (toolmaking). While controlling the tools' design and implementation, the risk managers incorporated business managers' insights (teamwork) and made sure everyone could understand the findings (translation). Ultimately, experts' roles must fit the organization's strategy and structural needs. In some situations, functional experts can raise their profile by cultivating just two of the competencies. But those who are strong in all four are likely to be the most influential.
On January 1, 2012, the LEGO Group announced a major new initiative to enhance its market penetration in Asia. Later in the year, a cross-functional group of senior managers gathered at company headquarters to discuss the status of the Asian initiative and the risks associated with it. The aim of the meeting was to outline four scenarios for the future that could help managers assess what key success factors and actions were required for coping with the challenges presented by each scenario and to prioritize them. Students will have an opportunity to enact the scenario exercise themselves, devising their own scenarios, and deciding whether the LEGO Group should build a factory in an Asian location in the next five to seven years. In order to facilitate a discussion about the challenges of designing a "winning organization," the case also presents difficult choices that executives had to make about the LEGO Group's strategy, choice of primary customers, core capabilities, and organizational structure. In order to facilitate a discussion about the challenges of designing a "winning organization", the case also presents difficult choices that executives had to make about the LEGO Group's strategy, choice of primary customers, core capabilities, and organizational structure.
Risk management is too often treated as a compliance issue that can be solved by drawing up lots of rules and making sure that all employees follow them. Many such rules, of course, are sensible and do reduce some risks that could severely damage a company. But rules-based risk management will not diminish either the likelihood or the impact of a disaster such as Deepwater Horizon, just as it did not prevent the failure of many financial institutions during the 2007-2008 credit crisis. In this article, Robert S. Kaplan and Anette Mikes present a categorization of risk that allows executives to understand the qualitative distinctions between the types of risks that organizations face. Preventable risks, arising from within the organization, are controllable and ought to be eliminated or avoided. Examples are the risks from employees' and managers' unauthorized, unethical, or inappropriate actions and the risks from breakdowns in routine operational processes. Strategy risks are those a company voluntarily assumes in order to generate superior returns from its strategy. External risks arise from events outside the company and are beyond its influence or control. Sources of these risks include natural and political disasters and major macroeconomic shifts. Risk events from any category can be fatal to a company's strategy and even to its survival. Companies should tailor their risk management processes to these different risk categories. A rules-based approach is effective for managing preventable risks, whereas strategy risks require a fundamentally different approach based on open and explicit risk discussions. To anticipate and mitigate the impact of major external risks, companies can call on tools such as war-gaming and scenario analysis.
Following the financial crisis of 2007/2008, HSBC CEO Michael Geoghegan saw a fundamental change in global opportunities and risks. With increasing regulation and fierce competition between banks, the Western hemisphere was going to be a tougher place to do business. Emerging markets, however, offered many opportunities. Geoghegan reasoned that in HSBC's case, a turn to emerging markets would be a return to its roots and to managing risks that it knew. But HSBC needed to understand what the implications of the new strategy-"moving to emerging markets"-were for its portfolio and overall risk profile. Especially, how should HSBC reallocate capital freeing up in the West across its diverse geographies and business lines?
This case enables students to simulate a risk management workshop based on the description of an innovative capital project in the energy sector. Students will discuss, assess, and vote on the riskiness of the Smart Meters project and experience the dynamics of a risk workshop.
The collapse of Lehman Brothers in 2008 was the largest bankruptcy in US history. The case examines the economics of the off-balance sheet transactions Lehman undertook prior to the collapse, and highlights the corporate governance challenges in situations where firms face capital market pressure and market downturns. In particular, the case examines the financial accounting, auditing and internal management control practices around the Repo 105 transactions, which had a significant effect on the leverage position of the company. Based on the findings of the bankruptcy examiner's report, the case focuses on the role that management, external auditors, and the audit committee played in what amounted to a significant control failure.
Mary Erdoes, the CEO of JP Morgan's Asset Management business, and three colleagues provide insights into risk management issues faced by the firm's Private Bank during the financial crisis in 2008-2009. The case provides perspective on the philosophy with which they approach risk management, issues of greatest concern, tools and processes used in practice, the benefits and limitations of quantitative models and balance between the use of models and exercising judgment, and lessons learned from the crisis about risk management.
The case, in a non-profit project-oriented setting, introduces fundamental risk management principles and processes that are easily applicable to private sector settings. Gentry Lee, senior systems engineer and de-facto chief risk officer, is applying a new comprehensive risk management system to a $600 million high-profile Mars landing mission. The case illustrates JPL's risk culture for high-visibility and expensive missions in the post-Challenger era with tightly constrained budgets. It introduces risk analytics, such as heat maps, and the management process and governance system centered around continuous challenge and "intellectual confrontation." Students will consider JPL's strategy and constraints, measurable technical risks, non-measurable external risks and societal pressures in making a decision about whether to launch or delay the Mars mission launch. The case calls for an appreciation of the role of the chief risk officer, and in general, of leadership, in risk management.
Five experts gathered recently to discuss the future of enterprise risk management: Kaplan, the Baker Foundation Professor at Harvard Business School, who with his colleague David Norton developed the balanced scorecard; Mikes, an assistant professor at HBS who studies the evolution of risk management and the role of the chief risk officer; Simons, the Charles M. Williams Professor of Business Administration at HBS; Tufano, the Sylvan C . Coleman Professor of Financial Management at HBS; and Hofmann, the chief risk officer at Koch Industries. The panel was moderated by HBR senior editor David Champion. Among the questions they addressed were: How predictable was the financial meltdown of 2008-2009? Did new tools for assessing risk give a false sense of security? How do the challenges facing industrial companies differ from those facing the financial sector? Is outsourcing an effective risk-management tool? Have capital structures become a bit too efficient in many companies? What makes a good chief risk officer?
This case motivates a debate on the role of staff functions, such as risk management: what does it mean for them to be independent, and at the same time, to partner the business lines? The case describes the risk assessment process in the corporate banking arm of Wellfleet Bank (cca. 2006-2009) around an illustrative business proposal in the corporate lending business, and illustrates the decision challenges faced by the case protagonists (two senior risk officers of the Group Credit Committee)-who grapple with the tensions common between the sales organization and the risk control function in large financial institutions. The discussion of the proposal particularly evokes the cultural tension between the risk function and the business line: should the risk function play the role of policeman or business partner?
This case introduces risk management in the context of corporate lending, one of the bread-and-butter functions of commercial banks. It evokes the cultural tension between the risk function and the business line, which in this organization reverberated long after the decisive votes were cast at the group credit committee. The case further motivates debate on calculative cultures, and the role of model-based risk assessments in decision-making, and underlines the role of judgment in risk decisions. Modeling and judgment carry different weight in different types of risk decisions. While risk models can be relied upon as the key decision-makers in a retail banking environment (e.g. credit card applications), in the case of large credit decisions, their reliability is, generally, low. This is because the key features of the proposals at hand cannot all be condensed into risk metrics; as in these proposals, several "qualitative" issues arise that the decision-maker needs to judge in tandem with the quantitative metrics. The exercise also highlights that model-based risk metrics are themselves judgmental (they reflect the assumptions of the modeler) and that their use must be as much an art as a science. The story has got a temporal dimension: one proposal was current in mid-2006, the other in late 2008, two very different credit environments.
Rising food prices threatened an unprecedented number of people around the world with malnutrition or starvation in 2008. The new Executive Director of the United Nations' World Food Programme (WFP)--the world's largest food relief agency-- must not only address this challenge but also must rethink the WFP's strategy in the rapidly-changing world of humanitarian assistance.
An early adopter of Enterprise Risk Management, energy giant Hydro One anticipated new threats and opportunities in an industry that faced climate change and carbon legislation, the deregulation of electricity markets, and the greater adoption of renewable technologies. CEO Laura Formusa felt Hydro One's risk profile had shifted, to the extent that she had to ask herself -- was the strategy tenable? The case provides a rich description of Enterprise Risk Management in action, and shows how Hydro One executives arrive at a shared understanding of the risk profile of the company. In the narrative a diverse group of managers (the chief executive, the chief financial officer, the head of the public relations and the chief regulatory officer) voice their views on the risks, collectively bringing a multiple stakeholder perspective to the risk profile. The case challenges students to define the problems and risks that the company faces, given its strategic objectives, its evolving risk profile, and the changing environment. The case also offers a discussion ground for defining the role of the chief risk officer, and the relationship between risk management, strategic planning and capital budgeting.